Privacy Policy
This privacy policy applies to the customer and administration portal dash.mydatacenter.at of myDC Cloud Services GmbH (ordering, customer account, invoices, support and associated processing operations).
As of: July 2026
The address of our website is: https://www.mydatacenter.at
This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the websites, functions and content connected with it, as well as external online presences, such as our social media profiles (hereinafter jointly referred to as "online offering"). With regard to the terminology used, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller
- myDC Cloud Services GmbH
- Dr.-Franz-Wilhelm-Straße 2, 3500 Krems an der Donau
- Telephone: +43 2732 71545-0
- E-Mail: office@myDataCenter.at
- Data protection enquiries: datenschutz@myDataCenter.at
- Managing Director: Robert Siedl, CMC
Types of data processed
- Master data (e.g. names, addresses)
- Contact data (e.g. e-mail, telephone numbers)
- Content data (e.g. text entries, photographs, videos)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
Categories of data subjects
Visitors and users of the online offering (hereinafter we also refer to the data subjects collectively as "users").
Purpose of processing
- Provision of the online offering, its functions and content
- Responding to contact enquiries and communication with users
- Security measures
- Marketing
Terminology used
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Applicable legal bases
In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. Where the legal basis is not stated in this privacy policy, the following applies: the legal basis for obtaining consent is Art. 6 (1) lit. a and Art. 7 GDPR; the legal basis for processing to perform our services and to carry out contractual measures as well as to respond to enquiries is Art. 6 (1) lit. b GDPR; the legal basis for processing to comply with our legal obligations is Art. 6 (1) lit. c GDPR; and the legal basis for processing to safeguard our legitimate interests is Art. 6 (1) lit. f GDPR. In the event that vital interests of the data subject or of another natural person make the processing of personal data necessary, Art. 6 (1) lit. d GDPR serves as the legal basis.
Security measures
In accordance with Art. 32 GDPR, and taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection commensurate with the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as access, input, disclosure, availability and separation relating to the data. Furthermore, we have established procedures that guarantee the exercise of data subjects' rights, the erasure of data and responses to threats to the data. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
TLS encryption with https
We use https in order to transmit data in encrypted form over the internet (data protection by design, Art. 25 (1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for the secure transmission of data over the internet, we protect confidential data during transmission. You can recognise the use of this protection by the padlock symbol on the left of your browser's address bar and by the use of the https scheme (instead of http) as part of our internet address.
Cooperation with processors and third parties
Where, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit data to them or otherwise grant them access to the data, this only takes place on the basis of a legal permission (e.g. where a transmission of data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR), where you have consented, where a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents or payment service providers).
Where we commission third parties to process data on the basis of a so-called "data processing agreement", this takes place on the basis of Art. 28 GDPR.
Rights of data subjects
You have the right to obtain confirmation as to whether data concerning you are being processed, and to obtain information about such data as well as further information and a copy of the data in accordance with Art. 15 GDPR. In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you. In accordance with Art. 17 GDPR, you have the right to request that data concerning you be erased without undue delay or, alternatively, in accordance with Art. 18 GDPR, to request a restriction of the processing of the data. You have the right to request that the data concerning you which you have provided to us be received in accordance with Art. 20 GDPR and to demand its transmission to other controllers.
Furthermore, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority. In Austria, this is the Austrian Data Protection Authority (www.dsb.gv.at).
Right to withdraw consent
You have the right to withdraw consent granted in accordance with Art. 7 (3) GDPR with effect for the future.
Right to object
You may object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR. The objection may in particular be made against processing for the purposes of direct marketing.
Contact for data protection matters
To exercise your rights, or if you have any concerns or further questions about data protection, please contact us in writing at myDC Cloud Services GmbH, Dr.-Franz-Wilhelm-Straße 2, 3500 Krems an der Donau, or by e-mail at datenschutz@myDataCenter.at.
Erasure of data
The data processed by us are erased or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated within this privacy policy, the data stored by us are erased as soon as they are no longer required for their intended purpose and no statutory retention obligations preclude erasure. Where the data are not erased because they are required for other purposes permitted by law, their processing is restricted. This means that the data are blocked and not processed further for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
In accordance with statutory requirements in Austria, data are retained in particular for 7 years pursuant to § 132 (1) BAO (Austrian Federal Fiscal Code) (accounting records, receipts/invoices, accounts, business papers, statement of income and expenditure, etc.), for 22 years in connection with real property, and for 10 years for documents relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-taxable persons in EU member states and for which the One-Stop-Shop (EU-OSS) is used.
Data processing in detail
Hosting and server log files
Our online offering is operated on our own infrastructure in Austria; no external web hosting provider is used. When our website is accessed, we process access data in the form of server log files on the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR (security and stability of the online offering). This includes, in particular, the address of the page accessed, the date and time of access, the volume of data transferred, the notification of successful access, the browser type and version, the operating system, the previously visited page (referrer URL) and the IP address.
Log file information is stored for security reasons (e.g. to investigate cases of misuse) for a maximum of 7 days and is then erased or anonymised. Data whose further retention is required for evidentiary purposes are exempt from erasure until the respective incident has been finally resolved.
Cookies
"Cookies" are small files that are stored on users' computers. Various information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, also known as "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie may, for example, store the contents of a shopping cart in an online shop or a login status. Cookies are referred to as "permanent" or "persistent" if they remain stored even after the browser is closed. This allows, for example, the login status to be stored if users return after several days.
This website does not use any tracking cookies or marketing cookies. We use temporary and permanent cookies exclusively for technically necessary functions of our online shop and customer portal, e.g. for storing the shopping cart contents and the login status.
If you do not wish cookies to be stored on your computer, please deactivate the corresponding option in the system settings of your browser. You can also delete stored cookies there. Disabling cookies may result in functional limitations of this online offering.
Business-related processing
In addition, we process
- Contract data (e.g. subject matter of the contract, term, customer category)
- Payment data (e.g. bank details, payment history)
of our customers, prospective customers and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
Order processing in the online shop and customer account
We process the data of our customers in the course of the ordering processes in our online shop in order to enable them to select and order the chosen products and services, as well as to pay for and receive or have them delivered or carried out.
The data processed include master data, communication data, contract data and payment data; the persons affected by the processing include our customers, prospective customers and other business partners. The processing takes place for the purpose of providing contractual services in the course of operating an online shop, billing, delivery and customer services. For this purpose, we use session cookies to store the shopping cart contents and permanent cookies to store the login status.
The processing takes place on the basis of Art. 6 (1) lit. b (carrying out the ordering processes) and lit. c (legally required archiving) GDPR. The information marked as required is necessary for the establishment and performance of the contract. We disclose the data to third parties only in connection with delivery, payment or within the scope of legal permissions and obligations towards legal advisers and authorities. The data are processed in third countries only where this is necessary for the performance of the contract (e.g. at the customer's request in the case of delivery or payment).
You may optionally create a customer account in which you can, in particular, view your orders. During registration, the required mandatory information (in particular name, e-mail address and password) is communicated to you; we process this on the basis of Art. 6 (1) lit. b GDPR for the provision of the customer account. Customer accounts are not public and cannot be indexed by search engines. We may inform you by e-mail about information relevant to your customer account, such as technical changes.
If you cancel your customer account, the data relating to it are erased, unless their retention is required for reasons of commercial or tax law pursuant to Art. 6 (1) lit. c GDPR; in that case, the data are archived until the expiry of the respective retention obligation. It is your responsibility to back up your data before the end of the contract in the event of cancellation.
In the course of registration, renewed logins and the use of our online services, we store the IP address and the time of the respective user action. This storage takes place on the basis of our legitimate interests as well as those of the users in protection against misuse and other unauthorised use (Art. 6 (1) lit. f GDPR). This data is generally not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 (1) lit. c GDPR. The IP addresses are anonymised or erased at the latest after 7 days.
Erasure takes place after the expiry of statutory warranty and comparable obligations; the necessity of retention is reviewed every three years. In the case of statutory archiving obligations, erasure takes place after their expiry (in Austria generally 7 years, see "Erasure of data").
Administration, financial accounting, office organisation, contact management
We process data in the course of administrative tasks as well as the organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. The processing affects customers, prospective customers, business partners and website visitors. The purpose of, and our interest in, the processing lie in administration, financial accounting, office organisation and the archiving of data, i.e. tasks that serve the maintenance of our business activities, the performance of our duties and the provision of our services. The erasure of data in relation to contractual services and contractual communication corresponds to the information stated for those processing activities.
In this context, we disclose or transmit data to the tax administration, advisers such as tax advisers or auditors, as well as to authorities and payment service providers.
Furthermore, on the basis of our commercial interests, we store information on suppliers, event organisers and other business partners, e.g. for the purpose of later contact. This predominantly company-related data is generally stored permanently.
Business analyses and market research
In order to operate our business economically and to be able to identify market trends as well as the wishes of contractual partners and users, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process master data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6 (1) lit. f GDPR, whereby the data subjects include contractual partners, prospective customers, customers, visitors and users of our online offering.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we may take into account the profiles of registered users with information, e.g. on the services they have used. The analyses serve to increase user-friendliness, to optimise our offering and to improve business efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with aggregated values.
Where these analyses or profiles are personal, they are erased or anonymised upon cancellation by the user, otherwise after two years from the conclusion of the contract. In all other respects, the overall business analyses and general trend determinations are, as far as possible, prepared anonymously.
Contacting us
When you contact us (e.g. via contact form, e-mail, telephone or social media), the user's information is processed for the purpose of handling the contact enquiry and processing it pursuant to Art. 6 (1) lit. b GDPR. The users' information may be stored in a customer relationship management system ("CRM system") or comparable enquiry management system.
We erase enquiries once they are no longer required. We review the necessity every two years; furthermore, the statutory archiving obligations apply.
Newsletter
With the following information, we inform you about the contents of our newsletter, the subscription and dispatch procedure as well as your rights to object. By subscribing to our newsletter, you consent to receiving it and to the procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications with information about our company (hereinafter "newsletter") only with the consent of the recipients or on the basis of a legal permission. Where the contents of the newsletter are specifically described in the course of a subscription, they are decisive for the users' consent. In all other respects, our newsletters contain information about our services and about us.
Double opt-in and logging: Subscription to our newsletter takes place using a so-called double opt-in procedure. This means that after subscribing you receive an e-mail asking you to confirm your subscription. This confirmation is necessary so that no one can subscribe using another person's e-mail address. Newsletter subscriptions are logged in order to be able to prove the subscription process in accordance with the legal requirements. This includes storing the time of subscription and confirmation as well as the IP address. Changes to your data stored with us are also logged.
Subscription data: To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide a name for the purpose of personal address in the newsletter.
The newsletter is dispatched on the basis of the recipients' consent pursuant to Art. 6 (1) lit. a, Art. 7 GDPR in conjunction with § 174 (3) TKG 2021 (Austrian Telecommunications Act) or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 (1) lit. f GDPR in conjunction with § 174 (4) TKG 2021.
The logging of the subscription procedure takes place on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that serves both our business interests and meets users' expectations and, furthermore, allows us to prove consent.
Cancellation/withdrawal: You may cancel receipt of our newsletter at any time, i.e. withdraw your consent. You will find a link to cancel the newsletter at the end of every newsletter. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before erasing them, in order to be able to prove consent that was previously given. The processing of this data is restricted to the purpose of a possible defence against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time.
Online presences in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, prospective customers and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing policies of their respective operators apply.
Unless stated otherwise within our privacy policy, we process the data of users where they communicate with us within the social networks and platforms, e.g. by posting on our online presences or sending us messages.
Changes to this privacy policy
We reserve the right to amend this privacy policy when updating our website or changing our data processing procedures. You will find the current version at any time at www.mydatacenter.at/datenschutz.
Powered by WHMCompleteSolution